🚨🚨🚨 There was no code exploit, no leaked private keys. Bybit’s own multisig signers approved the transactions. They thought they were signing a routine transfer. Instead, they were handing over their entire cold wallet...
But that raises a terrifying question. How did Lazarus know exactly who to target?
A multisig wallet requires multiple signers. If even one refused to sign, the hack would fail. But they all signed.
That means Lazarus didn’t just hack Bybit. They knew who to manipulate. There are only a few ways to get that kind of information.
🚩 Inside job – Someone leaked the signer list.
🚩 Social engineering – Lazarus studied their emails and behavior.
🚩 Device compromise – One or more signers were infected with malware.
This means other exchanges are at risk, too...
Lazarus stole 0.42% of all Ethereum.
It means they own more than the Ethereum Foundation, more than Vitalik Buterin and more than Fidelity.
Advice:
Keep your money in multiple wallets, not on exchanges.